What information can you retrieve from Google's API Key created through Google GCP Console.
GCP Console -> Menu -> APIs & Services -> Credentials -> API Key
Is there a way on the backend to get the project id associated to this query string ex: key=apiKey?
or
list all API keys for a GCP project using some googleAPI?
or
something like: gcloud iam api-keys list?
Thank you.
What information can you retrieve from Google's API Key created
through Google GCP Console.
You can see information such as:
API Key
Creation date
Created by
Total usage
Application Restrictions
Website Restrictions
Is there a way on the backend to get the project id associated to this
query string ex: key=apiKey?
Neither end-users nor GCP IAM members can see anything regarding the API Key except via the GCP Console.
list all API keys for a GCP project using some googleAPI?
A public API has not been published for API Keys.
something like: gcloud iam api-keys list?
No tools have been published that display information regarding API Keys.
I believe gcloud alpha services api-keys list is what you are asking for? - https://cloud.google.com/sdk/gcloud/reference/alpha/services/api-keys/list
Related
We are struggling to connect with Azure Data Factory to Amazon Marketplace Web Services.
It seems that we have all information required, however, we are getting the following error:
Parameter AWSAccessKeyId cannot have multiple values.
All data seems to be correct. However, we think it is strange that a Access Key Id and Secret Access Key are needed to connect to the Marketplace Web Services. Both keys come from the AWS environment which is currently not connected to anything.
Any help is appreciated.
Kind regards,
Jens
Yes, you need Access key ID and Secret key while creating the Amazon Marketplace Web Service linked service in Azure Data Factory. There should only be one Access Key assigned to per user in AWS Marketplace. Apart from this, other properties are also required. Please refer below image for the same. Some properties are mandatory and others not.
To allow people in your company to sign in to the AWS Marketplace Management Portal, create an IAM user for each person who needs access.
To create IAM users
Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.
In the navigation pane, choose Users and then choose Create New Users.
In the numbered text boxes, enter a name for each user that you want to create.
Clear the Generate an access key for each user check box and then choose Create.
This key now you will pass in Linked Service in ADF.
Also, for better security, you can save the SecretKey in Azure Key Vault and use Azure Key Vault Linked Service to access the SecretKey. Refer Store credentials in Azure Key Vault.
How to pull the list of IAM users from google cloud along with their last activity??
Tried "gcloud projects get-iam-policy"
but it gives only list of iam users/members but not their last activity
Ok, if it's for company, you have this information in the Google Cloud Identity platform. You can log in here: https://admin.google.com
Go to users and boom
Of course you can request these values by API with the admin sdk
It works only for managed accounts. If you have unmanaged account (in gmail.com or from another company) you don't have access to this information.
EDIT 1
To track the service account activity, you can rely on the documentation. Cloud Monitoring allow you to do that. If you need to export the data to BigQuery for analytics for example, let me know I could help on that.
To know the privilege that the users have, you can rely on the Asset Inventory, and especially on the IAM search policy feature.
I am a total GCP noob - I've literally just signed up to use one of the APIs.
I tried to follow these steps from here , but got stuck when trying to enable the APIs.
I came across this, which tells me: You need permission serviceusage.services.enable on the project and permission servicemanagement.services.bind on the API to enable it.
There is a link with information on it, but this means nothing to me. I have managed to find and IAM & Admin page for my project, but can't find a way to do the above.
All help is appreciated.
To enable the API on you GCP project follow the steps :-
I. Go to dashboard
II. From Navigation Menu go to "API and Services" dashboard and then click on “Enable API and Services”
III. Search for the APIs you need to enable(Cloud IOT, Dataflow API, Cloud Pub/Sub)
IV. Then click on enable API
From "IAM and Admin" page you get the service credentials key or json key which enables you to access you gcp project from command line interface.
To get the service credentials key follow the steps :-
I. Go to the link for getting service key : https://console.cloud.google.com/apis/credentials/serviceaccountkey
II. Under the heading of “Service Account” select a new service account and then give a name to your service account and select the role as owner{Project<Owner}.
III. Under the key type select JSON and click on ‘Create’
IV. A file will be automatically downloaded on your device.
I'm building an appengine app that requires access to the Google Play Developer API. I've seen in the sample code that it's possible to authenticate using a service account in addition to Oauth.
Is there any chance this could work with the default service account without having to generate a json key ? That would make the setup a bit easier.
Edit: be more explicit about not using a json key but really using the default application credentials instead.
For App Engine Standard environment:
You can generate a Service Account key file from default service
account. Follow the link sample code you provided, then click on
the link shown in the "Getting Started" section, you'll get in
the Google Developer Console. If logged in with the correct account
(you should see your project name at the top), then go to Credentials
-> Create credentials -> Service Account key. In the service account dropdown list, choose "App Engine Default Service Account", choose
JSON as key type and you should be good to go to follow the last
instructions on the Github page.
For App Engine Flexible environment:
The default service account isn't listed in the Service Account page, as explained here. You can't generate a service account key with it. You'd need to use a custom service account.
I'm trying to query DynamoDB from my web application.
I successfully did that after using IAM and creating 3rd party Roles and make users log in my web app through Facebook or Google, my app obtained a token and created the AWS credentials.
Now, I want any user of my website, to be able to query one of my dynamoDB tables, which should be a public table, I tried doing that with Roles -mocking the previous way- but I always get an error"Missing credentials in config"?
How to avoid that? Is there a way to create AWS Credentials without a token from 3rd party and attach them to the IAM Role, or Did I have to create an IAM user instead with secret key, or is there any other better way to do that?
It sounds like Amazon Cognito is what you need here. If you are looking for an example web application, a recent blog post was published on a sample application using Amazon Cognito to authenticate users to access a DynamoDB table. http://www.infoq.com/articles/mars-rover-application-DynamoDB
Specifically, you may find the section "Application authenticates user via Amazon Cognito" useful.
Hopefully that helps! Good luck!